Work with Vulnerabilities
InsightAppSec allows you to view your vulnerabilities at the Organization level, the App level, or the Scan level. The organizational view can be seen by clicking on the All Vulnerabilities tab on the left navigation bar. If you are viewing a specific app, the Vulns tab will show you all the vulnerabilities for that app, while clicking on a scan from the Scans tab will show you all the vulnerabilities found in that particular scan.
From the All Vulnerabilities screen, you can use the filtering capability to focus on certain vulnerabilities, for example, high severity vulnerabilities in your banking app. InsightAppSec ships with two default filters: High or Medium Severity vulnerabilities, and Unreviewed High Severity vulnerabilities.
A search filter lets you choose the attributes you are interested in. You can add multiple filters for more precise searches. A filter compares a property of the vulnerability to a value or regular expression using one of the following operators:
- = (equals)
- != (does not equal)
- does not contain
- starts with
- ends with
- Like (regular expression)
- is null
- is not null
You can combine filters using the AND operator so that the search result set contains only the vulnerabilities that meet all of the criteria in all of the filters (leading to a smaller result set). Or you can combine filters using the OR operator so that the search result set contains vulnerabilities that meet any of the criteria in any given filter (leading to a larger result set).
A circle on the left side of the filters indicates whether the expression in the field is allowed or not. If the circle is red in color, your filter is incomplete or incorrect.
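The filter semantics described above (the operator list, AND versus OR combination, and the red-circle validity check) modelled in Python as an added example. This is not InsightAppSec's own query language or API; the record field names and the sample vulnerabilities are constructed assumptions.

```python
import re
from typing import Any, Callable, Dict, List

# Constructed sample records (not real InsightAppSec data); field names are assumptions.
VULNS: List[Dict[str, Any]] = [
    {"id": "0x1a", "app": "banking", "severity": "HIGH", "status": "UNREVIEWED",
     "url": "https://bank.example/login", "parameter": "user"},
    {"id": "0x1b", "app": "banking", "severity": "MEDIUM", "status": "VERIFIED",
     "url": "https://bank.example/transfer", "parameter": "amount"},
    {"id": "0x1c", "app": "store", "severity": "HIGH", "status": "REMEDIATED",
     "url": "https://shop.example/cart", "parameter": None},
    {"id": "0x1d", "app": "store", "severity": "LOW", "status": "UNREVIEWED",
     "url": "https://shop.example/search", "parameter": "q"},
]

# One predicate per operator on the page; a null field only ever satisfies "is null".
OPERATORS: Dict[str, Callable[[Any, Any], bool]] = {
    "=": lambda v, x: v == x,
    "!=": lambda v, x: v != x,
    "does not contain": lambda v, x: v is not None and x not in v,
    "starts with": lambda v, x: v is not None and v.startswith(x),
    "ends with": lambda v, x: v is not None and v.endswith(x),
    "like": lambda v, x: v is not None and re.search(x, v) is not None,
    "is null": lambda v, _: v is None,
    "is not null": lambda v, _: v is not None,
}

def validate_filter(field: str, op: str, value: Any = None) -> bool:
    """The page's circle indicator: False means the filter is incomplete or incorrect."""
    key = op.lower()
    if not field or key not in OPERATORS:
        return False
    if key in ("is null", "is not null"):
        return True            # unary operators need no value
    if value is None:
        return False           # a binary operator without a value is incomplete
    if key == "like":
        try:
            re.compile(value)  # a malformed regular expression is incorrect
        except re.error:
            return False
    return True

def make_filter(field: str, op: str, value: Any = None):
    if not validate_filter(field, op, value):
        raise ValueError(f"incomplete or incorrect filter: {field} {op} {value!r}")
    return lambda vuln: OPERATORS[op.lower()](vuln.get(field), value)

def search(vulns, filters, combine: str = "AND") -> List[str]:
    """AND: every filter must hold (smaller set); OR: any filter suffices (larger set)."""
    join = all if combine.upper() == "AND" else any
    return [v["id"] for v in vulns if join(f(v) for f in filters)]
```

The two default filters map onto `search` directly: High or Medium Severity is two `=` filters joined with OR, Unreviewed High Severity is a severity filter and a status filter joined with AND.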
Clicking on any vulnerability will display the vulnerability detail panel on the right side of your screen. The top row in the panel gives general details about the vulnerability, such as:
- Module Type - The name of the attack used. In the following example, SQL Injection is the module type.
- Severity - The severity assigned to this type of vulnerability, which can either be the default module severity or whatever severity was selected if this vulnerability was discovered using a custom attack module.
- Status - The status of the vulnerability.
- First Detected - When the vulnerability was first discovered.
- Last Detected - When the vulnerability was last discovered.
Depending on your level of access, you can also change the severity and status of the vulnerability in this area. The remaining fields identify this particular instance of the vulnerability:
- App - Link to the app where the vulnerability was found.
- ID - A unique hexadecimal identifier for this instance of the vulnerability.
- JIRA - An indicator of whether this instance of the vulnerability has been exported to JIRA or not.
- URL - The URL of the web resource where this vulnerability was found.
- Parameter - The HTTP request parameter that was used for this attack.
- Method - The HTTP method, such as GET or POST, that was used to carry out this attack.
Copy Vulnerability Link
You can copy a link to a vulnerability using the Copy Vulnerability Link button. When opened, the link displays the vulnerability drawer for the selected vulnerability. You can share this link with anyone; however, only users with valid InsightAppSec login credentials will be able to see it.
App permissions required
Users must have access to the app where the vulnerability was discovered to view the vulnerability details.
The Attack Information section provides details about the vulnerability and recommendations on how to solve it. You will also find links to references from industry-standard councils such as NIST, OWASP, and DISA, which you can use to gather more information about the vulnerability.
InsightAppSec may attempt multiple variations of the same attack against a URL, because an application can be protected against one variation and not another. For example, you may have filtered certain special characters in web forms, but not others. The Attack Variances section contains one tab for each variation of an attack that InsightAppSec attempted.
- Attack Variance - An attack can have more than one variation. Each attack variance will be listed next to Attack Variance and will be added as a tab next to Attack 1.
- Attack Type - The type of attack used against the application.
- Original Value - The original, non-malicious value of the parameter, which is used to observe the normal behavior of the app.
- Attack Value - A specially crafted value intended to make the app behave abnormally.
- Description - Description of the variation of the attack being attempted.
- Replay Attack - Replay the attack using the Rapid7 AppSec Plugin for Chrome browsers.
- Error - The error message returned by the application, or a description of the error encountered by the app.
- Error Description - A longer description of the error.
- Original Traffic - A snapshot of the HTTP request sent to the app and the response received in the normal case.
- Attack Traffic - A snapshot of the HTTP request sent with the attack value in the parameter, and the resulting response.
This table lists every scan in which this vulnerability has been found in your environment.
The Change History shows the time a change was made on a vulnerability, the event, and which user made the change.
Events that trigger a change:
- Status updates
- Severity changes